Services that provide digital content such as music and movies via a network have commenced in recent years. Since digital content can be copied without a deterioration in quality in the copy, a DRM (Digital Rights Management) technique recited in Non-Patent Document 1 is used as a way of protecting the copyrights of digital content. A terminal that uses such a service is packaged with a terminal-use secret key (device key) provided by a DRM licenser. To prevent prevention of malicious usage of content, the content is encrypted in a manner that the linchpin of secrecy is the device key packaged in the terminal. The content is then distributed to the terminal via a network in this encrypted form.
The manufacturer of the terminal is provided with the device key on the basis of a contract with the DRM licenser. Since there is a possibility that devices capable of using the service maliciously (such as clone devices implemented in a PC) will be manufactured if the device key is exposed, the DRM licenser requires the terminal manufacturer to keep the device key secret, and to package the device key in the terminal in a manner that the device key will not be easily exposed or tampered with. This is recited in Non-Patent Document 2. There is also a form of contract whereby, as a requirement for license management, the DRM licenser requires the terminal manufacturer to use a different device key in each terminal. In such a case, the terminal manufacturer must package device keys in a manner that a same device key cannot be used in multiple terminals, even if the terminals are the same type of terminal.
Patent Document 1 discloses a method for securely packaging device keys in terminals in this way. According to Patent Document 1, to encrypt the device key, the device key is encrypted with a key generated by a key generation unit that receives input of unique information (a device unique value) and information unique to the device (device unique infatuation). This creates an encrypted device key. The device includes an LSI in which the device unique value is embedded, and a memory that stores the device unique information and the encrypted device key. When encrypted content is to be decrypted in this device, first the device unique information and the encrypted device key are input into the LSI, then the LSI generates a key from the device unique value and the device unique information. The encrypted device key is decrypted using the generated key, and then the device key generated as a result of the decryption is used to decrypt an encrypted content key.
Patent Document 2 discloses a method of packaging, in an IC card, an application authentication encryption key for authenticating the legitimacy of an application via a network. In Patent Document 2, an application authentication encryption key reception unit and an application authentication encryption key storage unit are provided in the IC. When setting the application authentication encryption key in the IC card, the application authentication encryption key is received from a certificate authority, and written to the application authentication encryption key storage unit. The non-volatile memory of an IC chip packaged in the IC card stores a manufacturing number which is unique to that IC chip, and an issue-use encryption key corresponding to the manufacturing number. The set of the IC chip manufacturing number and the corresponding issue-use encryption key is administered by the certificate authority. The certificate authority encrypts an application authentication encryption key with use of an issued encryption key, which is unique to the IC card, and sends the encrypted application authentication encryption key to the IC card via a network. The method disclosed in Patent Document 2 enables a different device key to be set in each of a plurality of terminals via a network.
Patent Document 3 discloses a method for authenticating the legitimacy of a device when updating software in the device. According to Patent Document 3, a server includes a software encryption unit that encrypts uses a serial number received from a device using the received serial number as a public key, and an encrypted data transmission unit that transmits the encrypted serial number. The device includes an encrypted serial number decryption unit that decrypts the encrypted serial number with use of a private key corresponding to the serial number that is the public key. The method disclosed in Patent Document 3 enables a device to be authenticated with use of information sent from the server and unique to that terminal.
Non-Patent Document 1: “Open Mobile Alliance Digital Rights Management Short Paper”, Open Mobile Alliance Ltd., 2003
Non-Patent Document 2: “Client Adopter Agreement”, pages 59-68, CMLA Founders-Contract Information, 2007
Patent Document 1: Japanese Unexamined Patent Application Publication No. 2004-208088
Patent Document 2: Japanese Unexamined Patent Application Publication No. 2004-139242
Patent Document 3: Japanese Unexamined Patent Application Publication No. 2001-211171